Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS396998.roa
File:                     AS396998.roa (raw, json)
Hash identifier:          DQQ/1/QXMrW+Ge3XcVPOmMRKAW1S6BpuOQikQqsBhDk=
Subject key identifier:   77:F5:ED:4B:04:57:E2:46:27:60:21:9B:FB:FC:7E:7F:2B:24:B9:23
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       25F4B60678136EEFA3682FCB5306631E038D1A4C
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS396998.roa
Signing time:             Tue 07 Jan 2025 00:00:36 +0000
ROA not before:           Mon 06 Jan 2025 23:55:36 +0000
ROA not after:            Tue 06 Jan 2026 00:00:36 +0000
asID:                     396998
IP address blocks:        141.11.196.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:f4:b6:06:78:13:6e:ef:a3:68:2f:cb:53:06:63:1e:03:8d:1a:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jan  6 23:55:36 2025 GMT
            Not After : Jan  6 00:00:36 2026 GMT
        Subject: CN=77F5ED4B0457E2462760219BFBFC7E7F2B24B923
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:9a:17:19:65:cd:8a:a1:37:2c:fe:55:2c:50:
                    a1:52:57:6b:0f:42:bb:2c:7a:8f:6b:4a:b5:f1:3b:
                    06:45:e2:1f:84:46:c7:87:cd:20:c7:41:39:67:2e:
                    9e:b7:0a:3c:c2:fb:64:c6:4a:21:c3:e1:15:39:67:
                    c2:c5:f2:82:31:ff:ee:0a:f8:96:85:51:95:a6:32:
                    e9:47:77:ea:80:a0:ca:05:c3:71:c1:cf:14:b4:d1:
                    76:5e:c9:0f:d7:7b:00:90:cc:c0:06:01:b8:48:76:
                    dc:10:ba:09:5a:52:5d:48:b7:7a:3e:e9:ad:ba:d1:
                    21:86:f0:3c:d8:cf:48:60:37:1d:09:bb:10:6a:64:
                    39:fc:72:ac:4c:da:88:53:61:f4:e8:e3:a1:c4:18:
                    84:00:2c:27:1f:d3:2c:7f:a8:1c:15:2f:a5:fd:d0:
                    94:c2:54:86:29:0a:0b:41:92:c6:84:2b:2e:e2:0a:
                    d8:8a:a1:a0:11:e2:29:f7:c0:20:89:cd:12:60:29:
                    56:0a:ce:47:cf:ef:b4:cc:48:5d:fa:86:16:ca:60:
                    37:da:d6:3f:1d:5f:64:67:d5:02:0f:14:4c:bd:b9:
                    1d:76:de:65:f1:78:62:93:bd:4f:a6:41:ea:b4:c4:
                    3d:3b:41:aa:8c:f8:c6:29:47:6a:74:40:12:19:b1:
                    63:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:F5:ED:4B:04:57:E2:46:27:60:21:9B:FB:FC:7E:7F:2B:24:B9:23
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS396998.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c1:8e:2f:5e:60:57:1e:28:b3:1b:94:49:a9:97:77:8a:bc:8e:
         8b:32:07:d4:4d:44:f2:5a:47:3f:68:3d:95:f5:d0:66:9c:2e:
         96:bc:ed:54:37:ce:45:bf:a7:a0:a5:5e:ae:13:21:62:69:23:
         d2:b4:3b:ec:1d:42:af:77:21:b5:8c:43:8a:3d:8f:b1:f9:68:
         e6:5c:ba:04:08:c9:d4:61:da:a9:3a:92:78:e5:67:c0:0c:4b:
         41:3c:a7:b1:f4:8d:c0:1b:57:6a:7b:8d:af:ab:6c:9c:c4:10:
         e5:81:37:97:c3:60:eb:2d:b3:e0:1b:c9:61:f0:55:77:21:5d:
         6f:89:9b:72:1d:32:72:44:7f:d6:a7:af:e1:4c:09:43:58:cc:
         eb:b6:ca:c4:01:4c:58:fc:93:95:1f:a8:ce:5b:d0:7c:24:cb:
         48:7f:a4:58:08:78:11:6b:f8:c1:81:07:6c:25:ce:46:ba:9d:
         2f:1f:0c:29:39:c0:7b:b9:f6:6c:5d:b6:26:7d:e4:a3:a4:8f:
         c8:8b:70:db:3c:0d:a0:ba:e0:f6:c9:10:b4:ad:84:f1:10:b5:
         00:ff:f4:ca:3b:fe:8c:8c:3d:78:51:3d:ff:cf:bb:33:90:85:
         25:56:57:46:d3:e2:1a:e5:ab:25:58:c9:ed:0b:87:19:f6:0f:
         2c:af:05:0c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJfS2BngTbu+jaC/LUwZjHgONGkwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTAxMDYyMzU1MzZaFw0yNjAxMDYwMDAwMzZaMDMxMTAvBgNV
BAMTKDc3RjVFRDRCMDQ1N0UyNDYyNzYwMjE5QkZCRkM3RTdGMkIyNEI5MjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnmhcZZc2KoTcs/lUsUKFSV2sP
Qrsseo9rSrXxOwZF4h+ERseHzSDHQTlnLp63CjzC+2TGSiHD4RU5Z8LF8oIx/+4K
+JaFUZWmMulHd+qAoMoFw3HBzxS00XZeyQ/XewCQzMAGAbhIdtwQuglaUl1It3o+
6a260SGG8DzYz0hgNx0JuxBqZDn8cqxM2ohTYfTo46HEGIQALCcf0yx/qBwVL6X9
0JTCVIYpCgtBksaEKy7iCtiKoaAR4in3wCCJzRJgKVYKzkfP77TMSF36hhbKYDfa
1j8dX2Rn1QIPFEy9uR123mXxeGKTvU+mQeq0xD07QaqM+MYpR2p0QBIZsWPDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUd/XtSwRX4kYnYCGb+/x+fyskuSMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzk2OTk4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjQvE
MA0GCSqGSIb3DQEBCwUAA4IBAQDBji9eYFceKLMblEmpl3eKvI6LMgfUTUTyWkc/
aD2V9dBmnC6WvO1UN85Fv6egpV6uEyFiaSPStDvsHUKvdyG1jEOKPY+x+WjmXLoE
CMnUYdqpOpJ45WfADEtBPKex9I3AG1dqe42vq2ycxBDlgTeXw2DrLbPgG8lh8FV3
IV1viZtyHTJyRH/Wp6/hTAlDWMzrtsrEAUxY/JOVH6jOW9B8JMtIf6RYCHgRa/jB
gQdsJc5Gup0vHwwpOcB7ufZsXbYmfeSjpI/Ii3DbPA2guuD2yRC0rYTxELUA//TK
O/6MjD14UT3/z7szkIUlVldG0+Ia5aslWMntC4cZ9g8srwUM
-----END CERTIFICATE-----